Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Jeroen on September 14, 2005, 08:13:41 AM
-
Plz help me with the following.
Last week my site has been defaced (?) by someone named "Oldschool".
What did I found out? The one who hackt my site could write a index.hmtl on my website i-bay. And this html was now my startingpage of my site. It was complete white with the text "Oldschool".
How could it be possible that someone from the big bad world of internet could write on my i-bay? What can I do about it?
See the following link to a site of defacement information. This site is now a referringsite for my site and I am not happy about it.
http://www.zone-h.org/en/defacements/view/id=2856702/
-
I would say you got comprimised via your PostNuke install either you set the wrong perms on the ibay during install or your using a version of postnuke that has exploits available (most versions) hehe
After a a bit of noseing around i turned up his Email Addy oldschool.team@gmail.com
-
i had the same thing happen to me. It really does pay to keep up to date with the post security advisorary.
Postnuke forum pages have plenty of information about this and have lots of info on how to go about fixing the problem
-
As always, please post 'suspicious' security issues to security@contribs.org.
Inlcude all details about your setup, and what you have done since a stock install. SME Server by default is very secure, history shows that many 'attacks' are due to additionally installed contribs or manually installed modifications.
Do NOT post your details to these forums, but only and ONLY to security@contribs.org
-
The whole PHP stuff bothers me as insecure...